[BC] IP address blocking

[Cowboy]

On Thursday 15 May 2008 07:38 pm, Craig Healy wrote:

>  >   HOWEVER, how you block a range depends entirely on your firewall, what
>  >   it's capable of, and what it's not capable of.
>  >   Some will, some won't, and some can be made to by port-forwarding all
>  >   ports to the bit-bucket.
>  >
>  >   What's the firewall ?
>  
>  Considering the Sonicwall TZ180 or TZ190, depending if the want a WiFi
>  connection or not.  The client has both a Cox static IP business connection
>  and a dynamic IP Verizon DSL for backup.  The OPT port will do failover.
>  The sales guy has simply ignored any questions about blocking IP addresses.
>  
>  In this application they do need some ports forwarded to various machines.
>  The idea also is to block outbound connections to the forbidden addresses,
>  not just inbound.  They want to protect their employees from malware links
>  and the like.

 It's been a long time since I've been in a SonicWall, but they were a very well
 done firewall appliance, with quite a few capabilities not well understood
 back then. I'm relatively certain it can do the incoming.
 Not sure about the outgoing. 
 If I remember correctly, you can do what you seek through some creative
 routing. ( establishing a route for a block of addresses that essentially doesn't
 go anywhere, in or out )

 I'll hafta see if I can find docs on their line again.

-- 
Cowboy